CN113542274A - Cross-domain data transmission method, device, server and storage medium - Google Patents

Cross-domain data transmission method, device, server and storage medium Download PDF

Info

Publication number
CN113542274A
CN113542274A CN202110799973.6A CN202110799973A CN113542274A CN 113542274 A CN113542274 A CN 113542274A CN 202110799973 A CN202110799973 A CN 202110799973A CN 113542274 A CN113542274 A CN 113542274A
Authority
CN
China
Prior art keywords
server
target
proxy server
access request
source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110799973.6A
Other languages
Chinese (zh)
Inventor
孙强
蔡力兵
韦文峰
范金平
孙俊锋
刘志远
赖成宾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Zhongfu Information Technology Co Ltd
Original Assignee
Nanjing Zhongfu Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Zhongfu Information Technology Co Ltd filed Critical Nanjing Zhongfu Information Technology Co Ltd
Priority to CN202110799973.6A priority Critical patent/CN113542274A/en
Publication of CN113542274A publication Critical patent/CN113542274A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a cross-domain data transmission method, a device, a server and a storage medium, and relates to the technical field of internet. The method is applied to a source proxy server in a cross-domain data transmission system, and comprises the following steps: receiving an access request sent by a source server, wherein the access request comprises an identifier of a target server; analyzing the access request to generate an access request text; carrying out security verification on the access request text to obtain a security verification result; if the security check result indicates that the access request text is secure, sending the access request text to a target server through first one-way transmission equipment and a target proxy server; and receiving response information sent by the target server through the target proxy server and the second unidirectional transmission equipment, and sending the response information to the source server. By applying the embodiment of the application, the safety of cross-domain data transmission can be ensured.

Description

Cross-domain data transmission method, device, server and storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method, an apparatus, a server, and a storage medium for data transmission across multiple network domains.
Background
With the rapid development of internet technology, each industry has higher requirements on data security, in some service scenarios, internal service data needs to access external resources, and external data needs to be imported into an internal service system.
At present, a proxy server in an information communication network is mainly used for forwarding data in different network domains, however, in the process of forwarding cross-domain data, security of network cross-domain data transmission often cannot be guaranteed.
Disclosure of Invention
An object of the present application is to provide a method, an apparatus, a server and a storage medium for cross-domain data transmission, which can ensure the security of the cross-domain data transmission.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
in a first aspect, an embodiment of the present application provides a cross-domain data transmission method, which is applied to a source proxy server in a cross-domain data transmission system, where the cross-domain data transmission system includes a source server, the source proxy server, a target proxy server, a first unidirectional transmission device, a second unidirectional transmission device, and a target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the method comprises the following steps:
receiving an access request sent by the source server, wherein the access request comprises an identifier of the target server;
analyzing the access request to generate an access request text;
performing security verification on the access request text to obtain a security verification result;
if the security verification result indicates that the access request text is secure, sending the access request text to the target server through the first unidirectional transmission equipment and the target proxy server;
and receiving response information sent by the target server through the target proxy server and the second unidirectional transmission equipment, and sending the response information to the source server.
Optionally, the analyzing the access request to generate an access request text includes:
judging whether the user information is user information in a white list or not according to user information corresponding to the access request and the preset white list, wherein the white list comprises at least one piece of user information which belongs to safety;
and if the user information is the user information in the white list, analyzing the access request to generate an access request text.
Optionally, the method further comprises:
and if the user information is not the user information in the white list, backing up the access request and not analyzing the access request.
Optionally, the sending the access request text to the target server through the first unidirectional transmission device and the target proxy server includes:
converting the access request text into a target text conforming to a target protocol according to the format of the target protocol;
encrypting the target text according to a pre-generated secret key to obtain an encrypted target text;
and sending the encrypted target text to the target proxy server through the first one-way transmission equipment, and sending a result obtained by decrypting the encrypted target text by the target proxy server to the target server.
In a second aspect, an embodiment of the present application provides a cross-domain data transmission method, which is applied to a target proxy server in a cross-domain data transmission system, where the cross-domain data transmission system includes a source server, a source proxy server, the target proxy server, a first unidirectional transmission device, a second unidirectional transmission device, and a target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the method comprises the following steps:
receiving an access request text sent by the source proxy server through the first unidirectional transmission equipment, and sending the access request text to the target server;
receiving response information of the target server, and carrying out security verification on the response information to obtain a security verification result;
and if the security check result indicates that the response information is secure, sending the response information to the source server through the second unidirectional transmission equipment and the source proxy server.
Optionally, the sending the response information to the source server through the second unidirectional transmission device and the source proxy server includes:
converting the response information into a response text conforming to a specified protocol according to the format of the specified protocol;
encrypting the response text according to a pre-generated secret key to obtain an encrypted response text;
and sending the encrypted response text to the source proxy server through the second unidirectional transmission equipment, and sending a result obtained by decrypting the encrypted response text by the source proxy server to the source server.
Optionally, the method further comprises:
and if the safety check result indicates that the response information is unsafe, sending the unsafe indication of the response information to the source server through the second unidirectional transmission equipment and the source proxy server.
In a third aspect, an embodiment of the present application provides a cross-domain data transmission apparatus, which is applied to a source proxy server in a cross-domain data transmission system, where the cross-domain data transmission system includes the source server, the source proxy server, a target proxy server, a first unidirectional transmission device, a second unidirectional transmission device, and a target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the device comprises:
a first receiving module, configured to receive an access request sent by the source server, where the access request includes an identifier of the target server;
the first analysis module is used for analyzing the access request to generate an access request text;
the first checking module is used for carrying out safety checking on the access request text to obtain a safety checking result;
the first sending module is used for sending the access request text to the target server through the first unidirectional transmission equipment and the target proxy server if the security verification result indicates that the access request text is secure;
and the second receiving module is used for receiving the response information sent by the target server through the target proxy server and the second unidirectional transmission equipment and sending the response information to the source server.
Optionally, the first parsing module is specifically configured to determine whether the user information is user information in a white list according to user information corresponding to the access request and the preset white list, where the white list includes at least one piece of user information that is safe; and if the user information is the user information in the white list, analyzing the access request to generate an access request text.
The device further comprises: a first backup module; the first backup module is configured to backup the access request and not analyze the access request if the user information is not the user information in the white list.
Optionally, the first sending module is specifically configured to convert the access request text into a target text conforming to a target protocol according to a format of the target protocol; encrypting the target text according to a pre-generated secret key to obtain an encrypted target text; and sending the encrypted target text to the target proxy server through the first one-way transmission equipment, and sending a result obtained by decrypting the encrypted target text by the target proxy server to the target server.
In a fourth aspect, an embodiment of the present application further provides a cross-domain data transmission apparatus, which is applied to a target proxy server in a cross-domain data transmission system, where the cross-domain data transmission system includes a source server, a source proxy server, the target proxy server, a first unidirectional transmission device, a second unidirectional transmission device, and a target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the device comprises:
a third receiving module, configured to receive an access request text sent by the source proxy server through the first unidirectional transmission device, and send the access request text to the target server;
the second checking module is used for receiving the response information of the target server and carrying out safety checking on the response information to obtain a safety checking result;
and the second sending module is used for sending the response information to the source server through the second unidirectional transmission equipment and the source proxy server if the security check result indicates that the response information is secure.
Optionally, the second sending module is specifically configured to convert the response information into a response text conforming to a specified protocol according to a format of the specified protocol; encrypting the response text according to a pre-generated secret key to obtain an encrypted response text; and sending the encrypted response text to the source proxy server through the second unidirectional transmission equipment, and sending a result obtained by decrypting the encrypted response text by the source proxy server to the source server.
Optionally, the second sending module is further specifically configured to send, if the security check result indicates that the response information is not secure, the insecure indication of the response information to the source server through the second unidirectional transmission device and the source proxy server.
In a fifth aspect, an embodiment of the present application provides a server, including: a processor, a storage medium and a bus, wherein the storage medium stores machine-readable instructions executable by the processor, when the server runs, the processor communicates with the storage medium through the bus, and the processor executes the machine-readable instructions to execute the steps of the cross-domain data transmission method according to the first aspect or the second aspect.
In a sixth aspect, the present application provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the cross-domain data transmission method according to the first aspect or the second aspect are executed.
The beneficial effect of this application is:
the embodiment of the application provides a cross-domain data transmission method, a device, a server and a storage medium, wherein the method is applied to a source proxy server in a cross-domain data transmission system and comprises the following steps: receiving an access request sent by a source server, wherein the access request comprises an identifier of a target server; analyzing the access request to generate an access request text; carrying out security verification on the access request text to obtain a security verification result; if the security check result indicates that the access request text is secure, sending the access request text to a target server through first one-way transmission equipment and a target proxy server; and receiving response information sent by the target server through the target proxy server and the second unidirectional transmission equipment, and sending the response information to the source server.
By adopting the cross-domain data transmission method provided by the embodiment of the application, after the source proxy server generates the access request text by analysis, the access request text needs to be subjected to security check, the access request text is sent to the first one-way transmission device on the premise that the access request text is safe, then the access request text is transmitted to the target server through the target proxy server, and after the target server responds to the access request, the response information can be sent to the source server through the target proxy server and the second one-way transmission device. Therefore, the risk of sensitive information leakage of the source server end can be avoided, and the safety of cross-domain data transmission can be ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic view of a cross-domain data transmission system according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a cross-domain data transmission method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application;
fig. 4 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application;
fig. 5 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application;
fig. 6 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application;
fig. 7 is a schematic flowchart of a cross-domain data transmission method according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a cross-domain data transmission apparatus according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of another cross-domain data transmission apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Before explaining the embodiments of the present application in detail, an application scenario of the present application will be described first. The application scenario may specifically be a scenario of transmitting data across network domains, where a network domain may be understood as two different networks, for example, data is transmitted from a local area network to a public network, or data is transmitted from one local area network to another local area network, which is not limited in this application. Fig. 1 is a schematic view of a cross-domain data transmission system according to an embodiment of the present application, and as shown in fig. 1, the system includes a source server 101, a source proxy server 102, a first unidirectional transmission device 103, a second unidirectional transmission device 104, a target proxy server 105, and a target server 106.
The source server 101 is in communication connection with the source proxy server 102; the first unidirectional transmission equipment 103 is respectively in communication connection with the source proxy server 102 and the target proxy server 105, and the second unidirectional transmission equipment 104 is respectively in communication connection with the source proxy server 102 and the target proxy server 105; the target proxy server 105 is communicatively coupled to the target server 106.
It should be noted that, in fig. 1, the server is the source server 101 or the target server 106, and the proxy server is the source proxy server 102 or the target proxy server 105, which are determined mainly according to the transmission direction of the access request, the source server is the server that sends the access request, the target server is the party that receives the access request and responds to the access request, the proxy server that belongs to the same domain as the source server is the source proxy server, and the proxy server that belongs to the same domain as the target server is the target proxy server. That is, the source server 101, the source proxy server 102, the target server 106, and the target proxy server 105 in fig. 1 may be target servers, target proxy servers, and the present application is not limited thereto.
The following is explained with the scenario shown in fig. 1, that is, the source server 101 issues an access request to the target server 106, where the source server 101 and the source proxy server 102 are located in a network domain a, the target proxy server 105 and the target server 106 are located in a network domain B, and the network domain a and the network domain B are two different networks, such as a local area network and a public network. The first unidirectional transmission device 103 only receives the data sent by the source proxy server 102 and transmits the data to the target proxy server 105; the second unidirectional transmission device 104 only receives the data sent by the target proxy server 105 and sends the data to the source proxy server 102, that is, the first unidirectional transmission device 103 and the second unidirectional transmission device 104 have unidirectional transmission characteristics, and can implement bidirectional communication in combination with the first unidirectional transmission device 103 and the second unidirectional transmission device 104.
The source server 101 may be a physical server, a cloud server, a client, or the like, and the present application does not limit the source server, for example, a user may perform a trigger operation through the client on the terminal to generate an access request for accessing resources of the target server 106, where the access request may be an HTTP (Hyper Text Transfer Protocol) request or an HTTPs (Hyper Text Transfer Protocol over Secure Socket layer) request, or may be an access request in another Protocol format, and the present application does not limit the access request.
The source proxy server 102 receives the access request, and may perform security operation on the access request by the following embodiment, and send the access request information after performing the security operation to the destination proxy server 105 through the first unidirectional transmission device 103, and the destination proxy server 105 may send the access request to the destination server 106 after parsing the access request; the target server 106 responds to the access request, generates response information, and simultaneously sends the response information to the target proxy server 105, wherein the specific form of the target server 106 may include a physical server, a cloud server, and the like. The target proxy server 105 may perform a security operation on the response information in the following manner, and send the response information after performing the security operation to the source proxy server 102 through the second unidirectional transmission device 104, and the source proxy server 102 may analyze the response information after performing the security operation and send an analysis result, that is, the response information to the source server 101.
The cross-domain data transmission method mentioned in the present application is exemplified as follows with reference to the accompanying drawings. Fig. 2 is a schematic flowchart of a cross-domain data transmission method according to an embodiment of the present application, where the method is applicable to a source proxy server in the above-mentioned cross-domain data transmission system. As shown in fig. 2, the method may include:
s201, receiving an access request sent by a source server, wherein the access request comprises an identifier of a target server.
The source router may be connected to a plurality of source proxy servers, and the source router may send the access request to the source proxy server according to an IP address of a target server in the access request sent by the source server. The access request may be an HTTP/HTTPs request, or may be an access request in another protocol format, which is not limited in this application.
By the preset route forwarding strategy, when a user accesses a target server by using a non-browser (such as a client), the condition that the IP address of the target server in an access request is modified into the IP address of a source proxy server can be avoided, so that the experience degree of the user can be improved, and the use flexibility of the source proxy server can be improved.
S202, analyzing the access request to generate an access request text.
S203, carrying out security verification on the access request text to obtain a security verification result.
The access request processing thread pool in the source proxy server belonging to the A network domain can call an access thread analysis protocol to analyze the access request, convert data in the access request into a text, and generate an access request text. Optionally, the access request text may be scanned according to a service-affiliated sensitive keyword list corresponding to the source server, where content in the service-affiliated sensitive keyword list may be flexibly configured according to service requirements, and/or the access request may be subjected to virus inspection, and the security check result may include content of the access request text that is secure or the access request text that is not secure.
It should be noted that, the information configuration may be performed on the source proxy server in advance according to the required function of the source proxy server, and specifically, the following may be performed:
server:
18228// service Port
trans 1// unidirectional transmission device type 1
True/virucidal
True/keyword Scan of Keyscan
It can be seen that, a port of the source proxy server for receiving the access request is 18228, the information related to the access request is sent to the first unidirectional transmission device (unidirectional transmission device type 1), and the antivirus check and the keyword scan check can be performed on the access request text, which needs to be noted that the present application does not limit the specific functions of the source proxy server.
And S204, if the security check result indicates that the access request text is secure, sending the access request text to a target server through the first unidirectional transmission equipment and the target proxy server.
Specifically, it is assumed that security verification specifically includes scanning the access request text according to a sensitive keyword list to which a service corresponding to a source server belongs, and if the access request text does not include a sensitive keyword in the sensitive keyword list or the number of the sensitive keywords matched with the sensitive keyword list does not exceed a threshold, the security verification result indicates that the access request text is secure, on the premise that the access request text is secure, a source proxy server belonging to a network domain a sends the access text to a first unidirectional transmission device, and the first unidirectional transmission device forwards the access text to a target proxy server belonging to a network domain B, and restores the access request text to an access request of a preset protocol specification, and then sends the access request to a target server.
If the access request text includes the sensitive keywords in the sensitive keyword list or the number of the sensitive keywords matched with the sensitive keyword list exceeds a threshold value, the security verification result indicates that the access request text is not secure, and the source proxy server can back up the access request text and does not send the access text to the first unidirectional transmission device.
Therefore, the source proxy server carries out security detection on the access request, so that the possibility of leakage of private information of the source server end can be avoided, the leakage of confidential data can be blocked in time, and the security of data transmission among different network domains is ensured.
S205, receiving the response information sent by the target server through the target proxy server and the second unidirectional transmission equipment, and sending the response information to the source server.
After receiving the access request, the target server can respond to the access request to obtain response information, the response information can be transmitted to the source proxy server through the target proxy server and the second unidirectional transmission device, then the source proxy server forwards the response information to the source server, and the response information can be displayed to the user through the client.
It should be noted that, when the thread for receiving the access request in the source proxy server does not receive the access request after exceeding the preset time period, the thread for receiving the access request may be in a sleep state, and if the thread for receiving the access request receives the access request within the preset time period, the thread for receiving the access request is awakened; the thread for receiving the response information in the source proxy server can be in a dormant state when the response information is not received in the source proxy server after the preset time period, and if the response information is received in the preset time period, the thread for receiving the response information is awakened, so that the workload of the source proxy server can be reduced.
To sum up, in the cross-domain data transmission method provided by the application, after the source proxy server generates the access request text by parsing, security check needs to be performed on the access request text, the access request text is sent to the first unidirectional transmission device on the premise that the access request text is secure, and then is transmitted to the target server through the target proxy server, and after the target server responds to the access request, response information can be sent to the source server through the target proxy server and the second unidirectional transmission device. Therefore, the risk of sensitive information leakage of the source server end can be avoided, and the safety of cross-domain data transmission can be ensured.
Fig. 3 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application. Optionally, as shown in fig. 3, the analyzing the access request to generate an access request text includes:
s301, judging whether the user information is the user information in the white list or not according to the user information corresponding to the access request and a preset white list.
S302, if the user information is the user information in the white list, analyzing the access request to generate an access request text.
The white list includes at least one piece of secure user information, which may refer to account information of the user, such as a user name. The source proxy server can determine corresponding user information according to the access request, matches the user information with the user information in the white list, determines whether the white list comprises the user information according to the matching degree, if the matching degree meets a preset requirement, namely the white list comprises the user information, the user information corresponding to the access request is proved to be safe, namely the content in the access request is safe, and under the previous condition, the source proxy server analyzes the access request and converts the access request into an access request text.
Therefore, the source proxy server analyzes the access request on the premise of ensuring that the access request is generated by triggering of the secure user, so that the workload of the source proxy server can be reduced, and the security of data transmission is improved.
Optionally, the source proxy server may also pre-store a blacklist opposite to the whitelist, where the blacklist includes at least one piece of unsafe user information, and determine whether the user information corresponding to the access request is safe according to the blacklist.
Optionally, the method may further include: and if the user information is not the user information in the white list, backing up the access request and not analyzing the access request.
The user information is matched with the user information in the white list, whether the user information is included in the white list is determined according to the matching degree, if the matching degree does not meet the preset requirement, namely the user information is not included in the white list, the fact that the user information corresponding to the access request is unsafe is proved, the source proxy server cannot analyze the access request, the access request can be backed up, and the problem tracing can be conveniently found in the future.
Fig. 4 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application. Optionally, as shown in fig. 4, the sending the access request text to the target server through the first unidirectional transmission device and the target proxy server includes:
s401, according to the format of the target protocol, the access request text is converted into a target text which accords with the target protocol.
The access request processing thread pool on the source proxy server can call an access thread analysis protocol to analyze the access request, convert data in the access request into a text, namely generate an access request text, and after the access request text passes security check, can extract complete data and some necessary information in the access request text according to a target protocol format to obtain a target text:
Figure BDA0003164320440000161
it should be noted that the present application does not limit the specific contents in the target text.
S402, encrypting the target text according to a pre-generated secret key to obtain an encrypted target text.
After three handshakes of a Transmission Control Protocol (TCP), the source proxy server and the target proxy server exchange certificates to generate a session key, and store the session key in the source proxy server and the target proxy server in advance. After the source proxy server converts the access request text into a target text according to a target protocol, the target text can be encrypted according to a secret key.
And S403, sending the encrypted target text to a target proxy server through the first one-way transmission equipment, and sending a result obtained by decrypting the encrypted target text by the target proxy server to the target server.
The source proxy server can transmit the encrypted target text to the first unidirectional transmission device, that is, data (target text) transmitted between the source proxy server and the first unidirectional transmission device is encrypted, the first unidirectional transmission device transmits the encrypted target text to the target proxy server belonging to the B network domain, the target proxy server can decrypt the encrypted target text according to a prestored secret key, and a decrypted result, that is, an access request obtained after decryption is transmitted to the target server. It can be seen that the data (target text) transmitted between the source proxy server and the first unidirectional transmission device is encrypted, so that the possibility of losing the content in the target text can be avoided, the confidentiality of data transmission is ensured, and the data cannot be restored even if stolen.
Fig. 5 is a flowchart illustrating another cross-domain data transmission method according to an embodiment of the present application, which can be applied to the target proxy server in the above-mentioned cross-domain data transmission system. As shown in fig. 5, the method may include:
s501, receiving an access request text sent by a source proxy server through first one-way transmission equipment, and sending the access request text to a target server.
After receiving an access request text sent by a source proxy server belonging to a network domain A through first one-way transmission equipment, a target proxy server belonging to a network domain B can analyze the access request text in advance, an access request such as an HTTP/HTTPS request is analyzed from the access request text, the target proxy server can submit the access request to a request thread, and a target address of the target server is accessed through the request thread, namely the access request is sent to the target server.
Furthermore, if the number of the access requests is large, the multiple access requests can be queued through the request thread, so that the load of the target server is reduced, multiple target proxy servers can be deployed in the B network domain, and the exchange capacity of the target proxy servers is expanded by using a cluster deployment and load balancing mode.
S502, receiving the response information of the target server, and carrying out security verification on the response information to obtain a security verification result.
And S503, if the security check result indicates that the response information is secure, sending the response information to the source server through the second unidirectional transmission device and the source proxy server.
And the target server responds based on the access request, generates response information and sends the response information to the target proxy server. Optionally, the response information may be scanned according to a service-affiliated sensitive keyword list corresponding to the target server, where content in the service-affiliated sensitive keyword list may be flexibly configured according to service requirements, and/or the response information is subjected to virus inspection, and the security check result may include content that the response information is secure or the response information is insecure.
If the response information does not include the sensitive keywords in the sensitive keyword list or the number of the sensitive keywords matched with the sensitive keyword list does not exceed a threshold value, the security check result indicates that the response information is safe, on the premise that the response information is safe, the target proxy server belonging to the B network domain sends the response information to the second unidirectional transmission device, the second unidirectional transmission device forwards the response information to the source proxy server belonging to the A network domain, and the source proxy server sends the response information to the source server.
Therefore, the target proxy server performs security detection on the response information generated by the target server, so that the possibility of leakage of the private information of the target server side can be avoided, and the security of data transmission is ensured.
Fig. 6 is a schematic flowchart of another cross-domain data transmission method according to an embodiment of the present application. Optionally, as shown in fig. 6, the sending the response information to the source server through the second unidirectional transmission device and the source proxy server includes:
s601, according to the format of the specified protocol, the response information is converted into a response text conforming to the specified protocol.
S602, encrypt the response text according to a pre-generated key, to obtain an encrypted response text.
After the security check result indicates that the response message is secure, the target proxy server can extract complete data and some necessary contents in the response message according to the format of the specified protocol, and then obtain a response text. After TCP three-way handshake, a source proxy server belonging to the A network domain and a target proxy server belonging to the B network domain can generate a session key, the key can be pre-stored on the target proxy server and the source proxy server, and after the target proxy server obtains a response text, the response text can be encrypted according to the pre-stored key, so that the encrypted response text is obtained.
And S603, sending the encrypted response text to the source proxy server through the second one-way transmission equipment, and sending a result obtained by decrypting the encrypted response text by the source proxy server to the source server.
The target proxy server can transmit the encrypted response text to the second unidirectional transmission device, that is, data (target text) transmitted between the target proxy server and the second unidirectional transmission device is encrypted, the second unidirectional transmission device transmits the encrypted response text to the source proxy server belonging to the A network domain, the source proxy server can decrypt the encrypted response text according to a prestored secret key, and a decrypted result, that is, response information obtained after decryption is transmitted to the source proxy server. It can be seen that the data (response text) transmitted between the target proxy server and the second unidirectional transmission device is encrypted, so that the possibility of losing the content in the response text can be avoided, the confidentiality of data transmission is ensured, and the data cannot be restored even if stolen.
Optionally, the method may further include: and if the safety check result indicates that the response information is unsafe, sending the unsafe indication of the response information to the source server through the second unidirectional transmission equipment and the source proxy server.
If the response information includes the sensitive keywords in the sensitive keyword list or the number of the sensitive keywords matched with the sensitive keywords in the sensitive keyword list does not exceed the threshold value, the security check result indicates that the response information is not secure, the target proxy server can back up the response information, generate an insecure indication corresponding to the response information, and send the insecure indication to the source server through the second unidirectional transmission device and the source proxy server. This ensures the security of data transmission in different network domains.
Fig. 7 is a schematic flowchart of a cross-domain data transmission method provided in an embodiment of the present application, and as shown in fig. 7, the method includes:
s701, the source proxy server receives an access request sent by the source server.
S702, the source proxy server analyzes the access request to generate an access request text.
S703, the source proxy server performs security verification on the access request text to obtain a security verification result.
And S704, if the security check result indicates that the access request text is secure, the source proxy server sends the access request text to the target server through the first unidirectional transmission equipment and the target proxy server.
S705, the target proxy server receives the access request text sent by the source proxy server through the first unidirectional transmission equipment, and sends the access request text to the target server.
S706, the target proxy server receives the response information of the target server and carries out security verification on the response information to obtain a security verification result.
And S707, if the security check result indicates that the response information is secure, the target proxy server sends the response information to the source server through the second unidirectional transmission device and the source proxy server.
S708, the source proxy server receives the response information sent by the target server through the target proxy server and the second unidirectional transmission equipment, and sends the response information to the source server.
For the details of the method, reference may be made to the relevant portions of the foregoing method embodiments, and details are not repeated herein.
Fig. 8 is a schematic structural diagram of a cross-domain data transmission apparatus applied to a source proxy server in the aforementioned cross-domain data transmission system according to an embodiment of the present application, and the basic principle and the resulting technical effect of the apparatus are the same as those of the aforementioned corresponding method embodiment, and for a brief description, reference may be made to corresponding contents in the method embodiment for a part not mentioned in this embodiment. As shown in fig. 8, the apparatus may include:
a first receiving module 801, configured to receive an access request sent by a source server, where the access request includes an identifier of a target server;
a first parsing module 802, configured to parse the access request to generate an access request text;
a first verification module 803, configured to perform security verification on the access request text to obtain a security verification result;
a first sending module 804, configured to send the access request text to a target server through a first unidirectional transmission device and a target proxy server if the security check result indicates that the access request text is secure;
the second receiving module 805 is configured to receive response information sent by the target server through the target proxy server and the second unidirectional transmission device, and send the response information to the source server.
Optionally, the first parsing module 802 is specifically configured to determine whether the user information is user information in a white list according to user information corresponding to the access request and a preset white list, where the white list includes at least one piece of user information that is safe; and if the user information is the user information in the white list, analyzing the access request to generate an access request text.
The device also includes: a first backup module; and the first backup module is used for backing up the access request and not analyzing the access request if the user information is not the user information in the white list.
Optionally, the first sending module 804 is specifically configured to convert the access request text into a target text conforming to the target protocol according to the format of the target protocol; encrypting the target text according to a pre-generated secret key to obtain an encrypted target text; and sending the encrypted target text to a target proxy server through the first one-way transmission equipment, and sending a result obtained by decrypting the encrypted target text by the target proxy server to the target server.
Fig. 9 is a schematic structural diagram of another cross-domain data transmission apparatus provided in this embodiment of the present application, which is applied to a target proxy server in the aforementioned cross-domain data transmission system, and the basic principle and the resulting technical effect of the apparatus are the same as those of the corresponding method embodiment, and for a brief description, the corresponding contents in the method embodiment may be referred to for the parts not mentioned in this embodiment. As shown in fig. 9, the apparatus may include:
a third receiving module 901, configured to receive an access request text sent by a source proxy server through a first unidirectional transmission device, and send the access request text to a target server;
the second checking module 902 is configured to receive response information of the target server, and perform security check on the response information to obtain a security check result;
a second sending module 903, configured to send the response information to the source server through the second unidirectional transmission device and the source proxy server if the security check result indicates that the response information is secure.
Optionally, the second sending module 903 is specifically configured to convert the response information into a response text conforming to the specified protocol according to the format of the specified protocol; encrypting the response text according to a pre-generated secret key to obtain an encrypted response text; and sending the encrypted response text to the source proxy server through the second one-way transmission equipment, and sending a result obtained by decrypting the encrypted response text by the source proxy server to the source server.
Optionally, the second sending module 903 is further specifically configured to send, if the security check result indicates that the response information is not secure, the insecure indication of the response information to the source server through the second unidirectional transmission device and the source proxy server.
The above-mentioned apparatus is used for executing the method provided by the foregoing embodiment, and the implementation principle and technical effect are similar, which are not described herein again.
These above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors, or one or more Field Programmable Gate Arrays (FPGAs), etc. For another example, when one of the above modules is implemented in the form of a Processing element scheduler code, the Processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. For another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 10 is a schematic structural diagram of a server according to an embodiment of the present application, and as shown in fig. 10, the server is a source proxy server when executing the methods corresponding to fig. 2 to fig. 4, and the server is a target proxy server when executing the methods corresponding to fig. 5 to fig. 6, where the server may include: a processor 1001, a storage medium 1002 and a bus 1003, the storage medium 1002 storing machine readable instructions executable by the processor 1001, the processor 1001 communicating with the storage medium 1002 via the bus 1003 when the server is running, the processor 1001 executing the machine readable instructions to perform the steps of the above method embodiments. The specific implementation and technical effects are similar, and are not described herein again.
Optionally, the present application further provides a storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program performs the steps of the above method embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. Alternatively, the indirect coupling or communication connection of devices or units may be electrical, mechanical or other.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A cross-domain data transmission method is characterized in that the method is applied to a source proxy server in a cross-domain data transmission system, and the cross-domain data transmission system comprises the source server, the source proxy server, a target proxy server, a first one-way transmission device, a second one-way transmission device and the target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the method comprises the following steps:
receiving an access request sent by the source server, wherein the access request comprises an identifier of the target server;
analyzing the access request to generate an access request text;
performing security verification on the access request text to obtain a security verification result;
if the security verification result indicates that the access request text is secure, sending the access request text to the target server through the first unidirectional transmission equipment and the target proxy server;
and receiving response information sent by the target server through the target proxy server and the second unidirectional transmission equipment, and sending the response information to the source server.
2. The method of claim 1, wherein parsing the access request to generate an access request text comprises:
judging whether the user information is user information in a white list or not according to user information corresponding to the access request and the preset white list, wherein the white list comprises at least one piece of user information which belongs to safety;
and if the user information is the user information in the white list, analyzing the access request to generate an access request text.
3. The method of claim 2, further comprising:
and if the user information is not the user information in the white list, backing up the access request and not analyzing the access request.
4. The method according to any one of claims 1-3, wherein sending the access request text to the target server via the first unidirectional transmission device and the target proxy server comprises:
converting the access request text into a target text conforming to a target protocol according to the format of the target protocol;
encrypting the target text according to a pre-generated secret key to obtain an encrypted target text;
and sending the encrypted target text to the target proxy server through the first one-way transmission equipment, and sending a result obtained by decrypting the encrypted target text by the target proxy server to the target server.
5. A cross-domain data transmission method is characterized in that the method is applied to a target proxy server in a cross-domain data transmission system, and the cross-domain data transmission system comprises a source server, a source proxy server, the target proxy server, a first unidirectional transmission device, a second unidirectional transmission device and a target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the method comprises the following steps:
receiving an access request text sent by the source proxy server through the first unidirectional transmission equipment, and sending the access request text to the target server;
receiving response information of the target server, and carrying out security verification on the response information to obtain a security verification result;
and if the security check result indicates that the response information is secure, sending the response information to the source server through the second unidirectional transmission equipment and the source proxy server.
6. The method according to claim 5, wherein the sending the response message to the source server through the second unidirectional transmission device and the source proxy server comprises:
converting the response information into a response text conforming to a specified protocol according to the format of the specified protocol;
encrypting the response text according to a pre-generated secret key to obtain an encrypted response text;
and sending the encrypted response text to the source proxy server through the second unidirectional transmission equipment, and sending a result obtained by decrypting the encrypted response text by the source proxy server to the source server.
7. The method of claim 5, further comprising:
and if the safety check result indicates that the response information is unsafe, sending the unsafe indication of the response information to the source server through the second unidirectional transmission equipment and the source proxy server.
8. A cross-network-domain data transmission device is applied to a source proxy server in a cross-network-domain data transmission system, wherein the cross-network-domain data transmission system comprises the source server, the source proxy server, a target proxy server, a first unidirectional transmission device, a second unidirectional transmission device and the target server; wherein the source server is in communication connection with the source proxy server; the first unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server, and the second unidirectional transmission equipment is respectively in communication connection with the source proxy server and the target proxy server; the target proxy server is in communication connection with the target server; the device comprises:
a first receiving module, configured to receive an access request sent by the source server, where the access request includes an identifier of the target server;
the first analysis module is used for analyzing the access request to generate an access request text;
the first checking module is used for carrying out safety checking on the access request text to obtain a safety checking result;
the first sending module is used for sending the access request text to the target server through the first unidirectional transmission equipment and the target proxy server if the security verification result indicates that the access request text is secure;
and the first receiving module is used for receiving the response information sent by the target server through the target proxy server and the second unidirectional transmission equipment and sending the response information to the source server.
9. A server, comprising: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor communicating with the storage medium via the bus when the server is running, the processor executing the machine-readable instructions to perform the steps of the cross-domain data transmission method according to any one of claims 1 to 4 or any one of claims 5 to 7.
10. A storage medium, having stored thereon a computer program which, when executed by a processor, performs the steps of the cross-domain data transmission method according to any one of claims 1 to 7.
CN202110799973.6A 2021-07-15 2021-07-15 Cross-domain data transmission method, device, server and storage medium Pending CN113542274A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110799973.6A CN113542274A (en) 2021-07-15 2021-07-15 Cross-domain data transmission method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110799973.6A CN113542274A (en) 2021-07-15 2021-07-15 Cross-domain data transmission method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN113542274A true CN113542274A (en) 2021-10-22

Family

ID=78099372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110799973.6A Pending CN113542274A (en) 2021-07-15 2021-07-15 Cross-domain data transmission method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN113542274A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124916A (en) * 2021-10-27 2022-03-01 阿波罗智联(北京)科技有限公司 Data transmission method and device, electronic equipment and storage medium
CN114826754A (en) * 2022-05-06 2022-07-29 中国光大银行股份有限公司 Communication method and system among different networks, storage medium and electronic device
CN115189916A (en) * 2022-06-10 2022-10-14 中国司法大数据研究院有限公司 Method and device for one-stop display of application system under cross-isolation network
CN116192535A (en) * 2023-04-25 2023-05-30 航天宏图信息技术股份有限公司 Cross-grade and cross-network-domain data transmission method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789909A (en) * 2016-11-22 2017-05-31 北京奇虎科技有限公司 The network data transmission method of application program, apparatus and system
CN107172081A (en) * 2017-06-28 2017-09-15 北京明朝万达科技股份有限公司 A kind of method and apparatus of data check
US20180205705A1 (en) * 2017-01-17 2018-07-19 ARMERON Technologies Ltd. Network request proxy system and method
CN108965203A (en) * 2017-05-18 2018-12-07 腾讯科技(深圳)有限公司 A kind of resource access method and server
US20190028465A1 (en) * 2017-07-21 2019-01-24 Infrared5, Inc. System and method for using a proxy to communicate between secure and unsecure devices
CN110912940A (en) * 2019-12-25 2020-03-24 普世(南京)智能科技有限公司 Isolated network transparent service access method and system based on double unidirectional switching equipment
CN113037855A (en) * 2021-03-22 2021-06-25 北京爱奇艺科技有限公司 Multimedia access system, method, device, terminal and medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789909A (en) * 2016-11-22 2017-05-31 北京奇虎科技有限公司 The network data transmission method of application program, apparatus and system
US20180205705A1 (en) * 2017-01-17 2018-07-19 ARMERON Technologies Ltd. Network request proxy system and method
CN108965203A (en) * 2017-05-18 2018-12-07 腾讯科技(深圳)有限公司 A kind of resource access method and server
CN107172081A (en) * 2017-06-28 2017-09-15 北京明朝万达科技股份有限公司 A kind of method and apparatus of data check
US20190028465A1 (en) * 2017-07-21 2019-01-24 Infrared5, Inc. System and method for using a proxy to communicate between secure and unsecure devices
CN110912940A (en) * 2019-12-25 2020-03-24 普世(南京)智能科技有限公司 Isolated network transparent service access method and system based on double unidirectional switching equipment
CN113037855A (en) * 2021-03-22 2021-06-25 北京爱奇艺科技有限公司 Multimedia access system, method, device, terminal and medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124916A (en) * 2021-10-27 2022-03-01 阿波罗智联(北京)科技有限公司 Data transmission method and device, electronic equipment and storage medium
CN114826754A (en) * 2022-05-06 2022-07-29 中国光大银行股份有限公司 Communication method and system among different networks, storage medium and electronic device
CN114826754B (en) * 2022-05-06 2024-06-11 中国光大银行股份有限公司 Communication method and system between different networks, storage medium and electronic device
CN115189916A (en) * 2022-06-10 2022-10-14 中国司法大数据研究院有限公司 Method and device for one-stop display of application system under cross-isolation network
CN116192535A (en) * 2023-04-25 2023-05-30 航天宏图信息技术股份有限公司 Cross-grade and cross-network-domain data transmission method and device
CN116192535B (en) * 2023-04-25 2023-08-08 航天宏图信息技术股份有限公司 Cross-grade and cross-network-domain data transmission method and device

Similar Documents

Publication Publication Date Title
US11089032B2 (en) Signed envelope encryption
US10447674B2 (en) Key exchange through partially trusted third party
CN111371549B (en) Message data transmission method, device and system
CN113542274A (en) Cross-domain data transmission method, device, server and storage medium
US10607016B2 (en) Decrypting files for data leakage protection in an enterprise network
US9130937B1 (en) Validating network communications
CN109413201B (en) SSL communication method, device and storage medium
US7752269B2 (en) Adhoc secure document exchange
KR20060100920A (en) Trusted third party authentication for web services
US11902262B2 (en) System and method for encryption, storage and transmission of digital information
US20130103944A1 (en) Hypertext Link Verification In Encrypted E-Mail For Mobile Devices
CN110020955B (en) Online medical insurance information processing method and device, server and user terminal
US9577988B2 (en) Data encryption, transport, and storage service for carrier-grade networks
US10348701B2 (en) Protecting clients from open redirect security vulnerabilities in web applications
CN110198297B (en) Flow data monitoring method and device, electronic equipment and computer readable medium
CN112751866B (en) Network data transmission method and system
CA2793422C (en) Hypertext link verification in encrypted e-mail for mobile devices
US8640189B1 (en) Communicating results of validation services
Murawat et al. WoT Communication Protocol Security and Privacy Issues
CN113098685B (en) Security verification method and device based on cloud computing and electronic equipment
CN114244593A (en) DNS security defense method and system, electronic equipment and medium
CN117793118A (en) Request processing method, request processing device, electronic equipment and storage medium
Foltz et al. Data Mediation with Enterprise Level Security1

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20211022